The use of third-party components (TPCs), including open source software (OSS) or commercial off-the-shelf (COTS) components, has become the de facto standard in software development. This paper breaks down the process and procedures developers need in order to test, improve, and quantify the security of third-party components.